ApyHub
GDPR Compliance
Your Privacy, Our Priority
Learn how ApyHub protects your data and ensures compliance with the European Union's General Data Protection Regulation
Table of Contents
ApyHub GDPR Information
The European Union (EU) General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.
Besides strengthening and standardizing user data privacy across the EU nations, the GDPR requires new or additional obligations from all organizations that handle the personal data of EU citizens, regardless of where the organizations themselves are located.
ApyHub Technologies, operating through ApyHub B.V., is committed to providing its users with a high level of security and privacy, and to complying with the GDPR.
On this page, we explain our approach to GDPR compliance both as a controller of personal data and as a processor acting on behalf of our customers. Please note that this document is not a legal contract, the legal relationship between ApyHub and its users is governed by our Terms of Service and Privacy Policy.
ApyHub as the Data Controller
ApyHub acts as the data controller for personal data we collect about you as a user of our Website, APIs, Platform or Services. We also engage third-party service providers who may process personal data as our processors.
These suppliers are selected based on their ability to provide appropriate technical and organizational measures ensuring that personal data is properly protected. Upon request, we will provide information about specific subprocessors used for data processing.
ApyHub may also transmit personal data to governmental authorities or third parties if required by law, a valid legal process, or when permitted under applicable regulations.
Lawful bases for processing
1. Contractual necessity (GDPR Article 6(1)(b))
We process personal data that is necessary to provide the services you request, including account management, authentication, support, and operation of our APIs and developer tools.
2. Legal obligations (GDPR Article 6(1)(c))
We process certain personal data to comply with statutory obligations, including accounting, tax, legal compliance, and GDPR accountability requirements.
3. Legitimate interests (GDPR Article 6(1)(f))
We process personal data for our legitimate interests, provided these interests do not override your fundamental rights. These legitimate interests include:
Your Rights Under the GDPR
ApyHub is committed to respecting the rights you hold as a data subject under the GDPR. These rights include:
Right of Access
You have the right to know whether ApyHub processes personal data about you and, if so, to request access to that data.
Right to Rectification
If you believe the personal data we process is inaccurate or incomplete, you have the right to request correction or completion. We will make necessary updates without undue delay.
Right to Erasure (“Right to be Forgotten”)
You have the right to have your personal data erased if:
- •It is no longer needed for the purposes for which it was collected
- •You withdraw consent (where consent is the basis for processing)
- •The processing was unlawful
- •You have objected to processing and no overriding legitimate grounds exist
- •ApyHub must erase the data to comply with a legal obligation
Right to Restriction of Processing
You may request restriction of processing in the following cases:
- •You contest the accuracy of your personal data
- •Processing is unlawful but you prefer restriction over erasure
- •ApyHub no longer needs the data but you require it for legal claims
- •You object to processing pending verification of our legitimate interests
Right to Data Portability
You may request to receive your personal data in a structured, commonly used and machine-readable format, or to have ApyHub transmit it to another controller where technically feasible.
Right to Object
You may object to processing based on legitimate interests or direct marketing. Unless ApyHub demonstrates compelling legitimate grounds for the processing, we will cease processing your data without undue delay.
Right to Lodge a Complaint
You may lodge a complaint with your local data protection authority if you believe your rights have been violated in connection with personal data processing.
For questions or to exercise your rights, contact us at privacy@apyhub.com
ApyHub as the Data Processor
When you use the ApyHub Platform, APIs, or developer utilities to process data relating to your own users, customers, or data subjects, you act as the data controller for that data. By using ApyHub to process personal data, you engage ApyHub as your data processor.
Under Article 28 of the GDPR, controller–processor relationships must be governed by a written contract. Our Terms of Service and Privacy Policy serve as the data processing agreement between you (the controller) and ApyHub (the processor), setting out:
The instructions under which ApyHub processes your data
The technical and organizational measures we adopt
The responsibilities and guarantees of both parties
ApyHub processes personal data only in accordance with your instructions as the controller.
Data Transfers
The GDPR places strict requirements on transferring personal data outside of the European Economic Area (EEA). If ApyHub engages subprocessors located outside the EU or EEA, we ensure such transfers are carried out lawfully.
ApyHub adopts Standard Contractual Clauses (SCCs) or equivalent safeguards approved by the European Commission to ensure protection of personal data transferred internationally.
SCCs place contractual obligations on third-party service providers to ensure data remains secure and protected at all times.
Additional Documentation
- An up-to-date list of subprocessors and more details on international data transfers are available upon request.
- If you require deeper documentation, such as audit information or security compliance details, ApyHub may provide additional materials under a non-disclosure agreement.
What ApyHub Is Doing for GDPR Compliance
As a company serving customers globally — including within the EU — ApyHub has implemented technical and organizational measures to meet GDPR obligations and ensure data protection.
Internal processes, security and data integrity
ApyHub maintains internal policies and processes to ensure:
We also follow strict vendor onboarding practices to ensure that any third-party services we adopt meet the privacy and security standards expected by ApyHub and its customers.
Readiness for data subject requests
ApyHub has prepared processes to assist users in responding to data subject requests under the GDPR. Our Support and Engineering teams are trained to help users with matters related to access, modification, erasure, or transfer of personal data handled by ApyHub.
Documentation & Training
Documentation
Our Terms of Service and Privacy Policy are regularly reviewed to increase transparency and ensure alignment with GDPR requirements. We continuously document our processing activities to meet the GDPR's accountability principles.
Training
ApyHub provides internal GDPR and privacy training to personnel to ensure policies are understood and consistently followed. Privacy and security awareness are key components of our onboarding process, and specialized training is provided to teams whose work involves access to or processing of personal data.
Hopefully this information helps you navigate the EU's data protection requirements. If you have questions regarding the above or require assistance, you may contact us at privacy@apyhub.com and we will be happy to help.